The ZeroFOX Alpha team spent the 6 months last year researching and documenting the first comprehensive look at the full spectrum of security and business risks on social media in a four part white paper series: the anatomy of an attack.

All four anatomy of an attack white papers take a scientific approach to documenting attacker TTPs, cost, impact to the modern organization and more. Each white paper concludes with actionable recommendations and best practices to organizations to begin address all types of social media threats.

Network Compromise via Social Media Exploitation

The attack chain has changed. In the wake of the social media revolution, cybercriminals exploit businesses and their customers at a massive scale. When every employee, brand account, customer and executive is a target, the modern cybercriminal has changed how they carry out an attack. Businesses have been slow to catch on.

Adversaries traditionally target a corporate network using 2 phases: reconnaissance and exploitation. Reconnaissance involves footprinting, scanning, and enumeration. When attackers use social media, the attack strategy is similar, but the methods of attack are quite different. In social media, targeting an organization and corporate network involves footprinting, monitoring & profiling, impersonating or hijacking, and the actual attack.

White Paper Highlights:

Case study of a Fortune 50 organization breached via social media

Deep dive into each layer of the new attack chain

A detailed look at impersonation accounts and hijacked accounts, a new staple in the attack lifecycle

TTPs used by the modern attacker on social media

Recommendations and best practices for update your security posture

Data Loss Prevention in a Social Media World

The rise of social media has ushered in an era of rapid and widespread access to information, but these conveniences come with new potential liabilities. More specifically, digital communication is as easy as it’s ever been for malicious actors, opening up the door to a host of new methods to exfiltrate data outside the confines of the modern organization’s security perimeter. The diverse and continuously evolving nature of social information streams severely complicates an effective response to these emerging threats.

Social media is rife with issues from inadvertent data loss involving a mid- to high-level employee accidentally revealing sensitive information exposing business or customer data, to the insider threat involving a low- to mid-level employee absconding intel to a competitor, to an external data breach involving a nation state actor who steals trade secrets. Social media has changed the name of the game when it comes to data loss both in terms of its ease of exposure and its sheer vastness, making it far more difficult to detect. This is further complicated by emerging and ever-changing social attack surfaces, such as malware and phishing that occur outside of corporate network defenses. In this report, ZeroFOX Research details the the many social media data loss risks and threats, and outlines a multi-layered approach that security teams can adopt to detect and prevent this data loss to compliment their perimeter protections.

White Paper Highlights:

Detailed synopsis of how data exfiltration can be carried out through social media

2 year analysis of hundreds of millions of social media posts demonstrating proliferation of PII disclosure

Timeline of major data exfiltrating events performed using social media over the past 7 years

Screenshots of social media data loss examples and how they can be prevented, detected and remediated

Recommendations to modernize security best practices for individuals and organizations

Hacking a Corporate Social Media Account

Social media account takeovers are an increasingly common occurrence, affecting the likes of politicians, celebrities, brands, other high-profile accounts and even Mark Zuckerberg, the father of the social media revolution. However, no study has been performed to analyze the prevalence, cost, motivations, and methodology of such attacks. Understanding these would be incredibly helpful for defense; for example, it could be used for effective distribution of preventative efforts. To that end, ZeroFOX Research has investigated successful account takeovers against celebrities and organizations in the past 4 years and aggregated pertinent details into this white paper. ZeroFOX also considered attacks to regular accounts and small business accounts, which is detailed in the conclusion. These attacks are less costly than those covered in the body of the study, but occur much more frequently.

ZeroFOX Research collected over 2000 unique news articles, blog posts, social media help forum requests, and alerts from the ZeroFOX platform occurring between January 2012 and September 2016 regarding social media account takeovers of celebrities and major organizations. We triaged this dataset into 347 successful attacks against unique high-profile individuals or businesses and used this corpus to analyze the prevalence and cost of similar account takeovers. We then investigated the motivations of malicious actors to understand who is at risk. Finally, we looked into the tactics, techniques, and procedures surrounding account takeovers.

White Paper Highlights:

A detailed survey of 347 high-profile accounts compromised over the past 4.5 years

A breakdown of hackers motivations, including money, political messages, and just “for the lulz”

Common attacker tactics, techniques, & procedures and methods of breaking into a high-value account

Best practices for securing your accounts on social media

Maintaining Compliance in the Age of Social Media

As organizations and employees embrace social media to promote brand awareness, provide health education, and forge tighter relationships with customers, one must balance this with the organization’s regulatory governance, security, and privacy. Many regulatory and industry compliance guidelines outline recommendations in terms of technical safeguards, data loss monitoring, and breach notification instructions as an approach to ensuring security and privacy when engaging on social media.

Social media presents a new challenge to organizations. Social interactions occur largely outside of the company’s network and therefore outside of standard perimeter protections. Furthermore, unmanaged mobile devices and their apps allow out-of-band communications over cellular networks. If data is disseminated out of the organization, administrators are ill-equipped to identify the behavior over the network or through a managed endpoint. This makes current security and compliance controls inadequate for detecting and mitigating social media threats.

Compliance standards such as HIPAA (Health Insurance Portability and Accountability Act) pre-date social media, but have created addendums offering security and privacy guidance for social media. Other regulatory bodies have followed as a way to push organizations to incorporate this very important threat vector and ensure appropriate safeguards to mitigate data loss. Social media presents a data loss risk for PII (Personally Identifiable Information), PHI (Protected Health Information), customer information, credit cards, and information following breaches. Verizon’s Data Breach Investigations Report (DBIR) reveals that roughly 50% of breaches take months to detect. This simply isn’t adequate by today’s standards. Fortunately, social media threats can be detected in 24 hours or less, thereby alerting an organization of threats and breaches much quicker than other threat vectors today. The rest of this white paper explores a few of the most prominent regulatory and industry compliance guidelines to shed light on requirements tied to mitigating social media based risks.

White Paper Highlights:

An in-depth look at 3 major compliance regulations — PCI (Retail), FFIEC (Financial Services), and HIPAA (Healthcare) — and their relationship to social media